Lucene search

NvidiaCVELIST:CVE-2024-0108

HistoryAug 08, 2024 - 4:18 p.m.

CVE-2024-0108

2024-08-0816:18:27

CWE-755

nvidia

www.cve.org

nvidia jetson linux

nvgpu

vulnerability

denial of service

code execution

privilege escalation

CVSS3

8.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

EPSS

Percentile

9.5%

JSON

NVIDIA Jetson Linux contains a vulnerability in NvGPU where error handling paths in GPU MMU mapping code fail to clean up a failed mapping attempt. A successful exploit of this vulnerability may lead to denial of service, code execution, and escalation of privileges.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Jetson Linux"
    ],
    "product": "NVIDIA Jetson AGX Xavier series, Jetson Xavier NX, Jetson TX2 series, Jetson TX2 NX, Jetson TX1, Jetson Nano series",
    "vendor": "NVIDIA",
    "versions": [
      {
        "status": "affected",
        "version": "All versions prior to and including 32.7.4"
      }
    ]
  }
]

References

nvidia.custhelp.com/app/answers/detail/a_id/5555

CVSS3

8.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

EPSS

Percentile

9.5%

JSON

Related for CVELIST:CVE-2024-0108